1.5M Unpatched WordPress Sites Hacked

Experts say that the attackers have taken a liking to content-injection vulnerability that is disclosed last week which is patched in WordPress 4.7.2. It has been exploited to used to deface 1.5M sites so far.

WordPress has silently patched this issue. An unauthenticated privilege escalation vulnerability in the REST API endpoint, which is when it pushed version 4.7.2 on Jan. 26. A core developer with in the CMS said the following week that they waited to disclose this vulnerability to ensure that millions of more sites could deploy this update. WordPress has a feature which automatically updates the CMS on the majority number of sites, but some users choose not to use it and test updates before applying them.

Mark Maunder, the WordFence’s Chief Executive Officer, said that researchers have seen the biggest spike in attacks on this Tuesday when the company has blocked roughly 13,000 attacks from campaigns which are 20 and different.

The reason for the influx, Maunder said, is because at the beginning of the week attackers refined their attacks to bypass a rule that WordFence and other companies had implemented. While WordFence was quick to engineer a new rule to prevent the bypass, attackers were still able to succeed in infecting a slew of sites–more than 800,000 over a 48-hour period from Tuesday to Wednesday–he said.

In some instances, hackers are competing to compromise sites that haven’t yet applied the fix. WordFence researchers claim they’ve come across some sites where multiple hackers attempt to take credit on multiple pages for hacking them. The defacing and re-defacing will likely continue until those sites apply the 4.7.2 fix, Maunder says.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Related

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]